DataSpii: The Catastrophic Data Leak via Browser Extensions

000Webhost Breach

Following the news that researcher Sam Jidali has uncovered “DataSpii”, a massive data leak revealing private information for 45 major companies and millions of individuals, Boris Cipot, Senior Security Engineer at Synopsys offers the following commentary.   Boris Cipot, Senior Security Engineer at Synopsys: Browser extensions, or any other add-ons that are extending software functionality, are applications and must be regarded as such. Therefore, […]

Kazakh Government To Intercept The Nation’s HTTPS Traffic

Traffic IQ Professional

Internet service providers (ISPs) based in Kazakhstan are being instructed to force their users to install government-issued root certificates on their devices to allow agencies to intercept web traffic.  The Kazakh government has taken concrete steps towards bypassing this added layer of protection by launching an encryption-busting Qaznet Trust Certificate in the nation’s capital Nur-Sultan, according to local media. […]

Experts Commentary On Equifax Settlement

Reuters is reporting that credit-reporting company Equifax Inc will pay up to a record $650 million to settle U.S. federal and state probes into a massive 2017 data breach of personal information, authorities said on Monday. The largest-ever settlement for a data breach draws to a close multiple probes into Equifax by the Federal Trade Commission, the […]

Many CEOs Falsely Led To Believe Company Is GDPR Compliant

Insights gathered by Delphix reveals that companies are not masking sensitive data    Delphix, the data virtualisation platform, has found that companies in the UK are leading their CEO to believe they compliant with GDPR (General Data Protection Regulation), when they actually have significant amounts of unprotected personal data. This was revealed when Delphix spoke to custodians of data to hear what […]

Iranian Hackers Send Out Fake LinkedIn Invitations Laced With Malware

Fake LinkedIn Network to Target Victims

U.S. cybersecurity firm FireEye has warned of a malicious phishing campaign that it has attributed to the Iranian-linked APT34—whose activity has been reported elsewhere as OilRig and Greenbug. The campaign has been targeting LinkedIn users with plausible but bogus invitations to join a professional network and emailed attachments laced with malware that seeks to infect systems with a hidden backdoor […]